1. Field of the Invention
This invention relates to the implementation of an encryption mechanism for accessing sensitive information in a computer, computerized device, or system containing a central processing unit (CPU).
2. Background
Encryption is useful to protect information from unauthorized others. However, encryption technology, no matter how good, will not protect against attacks directed toward flawed implementations of the technology. Encryption technologies use computer-implemented algorithms that use a key to process the information that is to be encrypted or decrypted. No matter how strong the encryption algorithm, or how large the key, if the key is predictable, or if the key can be determined, the protection sought to be provided by the encryption will fail.
Encryption techniques are well known in the art. Implementation of encryption techniques is difficult and often subject to indirect attacks (that is, attacks directed not at the encryption algorithm or encrypted data, but rather at the encryption key).
One approach attackers use when attacking an encryption schema is that the attacker will attempt to interrupt the execution of the encryption algorithm by using breakpoints or execution trace mechanisms. The attacker is then able to determine the encryption algorithm and the techniques used to generate the key. For example, an attacker using these methods will easily find the key if the key is stored in a database (such as the Windows registry or the Macintosh desktop), or if the key is stored in the encryption algorithm itself.
This problem increases the risk to providers of proprietary programming because their proprietary programming can often be discovered (reverse engineered) and disseminated to others thus affecting the revenue potential of owner of the proprietary programming.
Other complementary approaches to increase the resilience of encryption code to an attack is to execute the encryption code on the stack, to write the encryption code as self modifying code, and other known techniques. These techniques can be used with the invention. Thus, it would be advantageous to increase the difficulty associated with determining the encryption key for an encryption algorithm.
The present invention increases the difficulty of reverse engineering sensitive information protected by an encryption algorithm by increasing the difficulty associated with tracing the code that generates the key or applies the encryption algorithm. This is accomplished by generating the key, used to encrypt and decrypt the sensitive information, as a function of the program instruction values of the procedures used to generate the key and/or perform the decryption of the sensitive information. Thus, if the key generation code or the decryption code is modified (such as (but without limitation) by placement of a breakpoint, a trace function, or a halt instruction in the code) the resulting key will be different from the key used to encrypt the sensitive information and the decryption attempt will fail.
One aspect of the invention is a computer controlled method for encrypting sensitive information with a tamper-resistant key. The method includes a step for determining the tamper-resistant key responsive to program instruction values. These program instruction values are to be included within at least one key domain. The program instruction values are to be executed when decrypting the sensitive information. Another step is that of encrypting the sensitive information using the tamper-resistant key to create an encrypted version of the sensitive information. Yet another step, is that of storing the encrypted version and the program instruction values. The encrypted version is decrypted when access is needed to the sensitive information.
Another aspect of the invention is a computer controlled method for decrypting sensitive information with a tamper-resistant key. One step of the method is that of determining the tamper-resistant key by executing program instruction values included within at least one key domain. The tamper-resistant key is a function of the program instruction values executed to determine the tamper-resistant key. Another step is that of decrypting an encrypted version of the sensitive information using the tamper-resistant key so determined.
Yet another aspect of the invention, is an apparatus that includes a CPU and memory. This apparatus includes a key determination mechanism used to determine the tamper-resistant key as a function of the program instruction values in at least one key domain. The instruction values are to be executed when decrypting the sensitive information. The apparatus also includes an encryption mechanism that encrypts the sensitive information using the tamper-resistant key to create an encrypted version of the sensitive information. In addition, the apparatus also includes a storage mechanism used to store the encrypted version and the program instruction values.
Yet another aspect of the invention, is a computer program product that includes a computer usable storage medium having computer readable code embodied therein for causing for causing a computer to encrypt sensitive information with a tamper-resistant key. When executed on a computer, the computer readable code causes the computer to effect a key determination mechanism, an encryption mechanism, and a storage mechanism. Each of these mechanisms having the same functions as the corresponding mechanisms for the previously described apparatus.
Still another aspect of the invention is an apparatus for decrypting the sensitive information using a tamper-resistant key. The apparatus includes a key determination mechanism for determining the tamper-resistant key by executing program instructions included within at least one key domain. The tamper-resistant key is a function of the program instruction values. The apparatus also includes a decryption mechanism that decrypts an encrypted version of the sensitive information using the tamper-resistant key.
Yet another aspect of the invention, is a computer program product that includes a computer usable storage medium having computer readable code embodied therein for causing for causing a computer to for causing a computer to decrypt sensitive information with a tamper-resistant key. When executed on a computer, the computer readable code causes the computer to effect a key determination mechanism, and a decryption mechanism. Each of these mechanisms having the same functions as the corresponding mechanisms for the previously described apparatus.